CISA: Exploit Successful Against Windows BlueKeep Vulnerability
The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued an alert warning users of affected Microsoft Windows operating systems (OS) that it successfully tested an exploit against a vulnerable Windows 2000 server. The exploit targets the BlueKeep vulnerability, CVE-2019-0708, which is present within the Remote Desktop Protocol (RDP) used by Windows OS and can be used to take control of affected systems. Microsoft recently released a warning urging users and administrators to update their systems because the vulnerability is considered “wormable,” meaning an exploit could propagate to other vulnerable systems and spread rapidly without user interaction. The NJCCIC highly encourages users and administrators to apply patches to affected systems as soon as possible after appropriate testing, consider upgrading any End-of-Life systems, and disable unnecessary ports and services. More information on the vulnerability, including a list of affected operating systems and links for updating systems, can be found in the Microsoft advisory.